REHYB@STELAR: Sensitive data and user privacy

19.01.2020. The ReHyb project aims at developing a digital twin respecting Ethics and Data Protection. A digital twin is a digital replica of a living or non-living physical entity and it enables a seamless transfer of data by connecting physical and virtual worlds. In this regard, it is clear that such innovative ideas and tools need to achieve trust from the users and the best way is being transparent and showing that the project has checked and assessed all ethical and Data Protection issues.

Our main target is to achieve that the Rehyb project is designed to achieve the highest levels of Data Protection and Ethics. For this reason we help to take care of this issue from the very beginning of the project because in the digital world the principle that says “building is easier than re-building” works exactly as in the physical world. For this reason we try to work with Privacy by Design principles during the whole project. ReHyb will respect the principle of “data minimization”, which means trying to work with as little personal data as possible and even without them (anonymization) where this is achievable. 

Another tool is encryption, which assures that only the right users of the platform will be able to access personal data. From the ethical point of view we have assessed that the project works in a way that, among others, respects the principles of benefit, justice, autonomy and freedom of the user and, last but not least, sustainability.

Our strategy covers relevant international standards (such as ISO/IEC 27001). We use state-of-the-art anonymization techniques, strict access control measures to ensure that access to the sensitive data is allowed only for authorized users. End-to-end cryptographic techniques ensure that any data communications between the patient and their sensors and the system’s servers are secure. Moreover, the ReHyb project will respect all user rights with regards to their collected data as those are described in the General Data Protection Regulation (GDPR).

We strongly believe that following the mentioned principles it is possible to achieve a new understanding of Data Protection and Privacy. Trying to make it understandable for every person or institution involved in ICT projects is the best way to reach better levels of both protection and acceptance. And showing that it is possible to work in a Data Protection promoting way if your project begins early enough to work towards an effective realization of ethical and legal requirements, this will also help to understand that Data Protection is not a barrier but an added value.

Stelar Security Technology Law Research (STELAR) is a partner in the ReHyb consortium and leads the effort of excellent ethical and regulatory compatibility of the technology design, selection and development.